Document delivery portal

Client Details

Iain L
United Kingdom
  • Member Since: Nov 2010
  • Last Login: 14 Nov 2011
  • PPH Verified: Yes
  • Jobs Posted: 2
  • Jobs Awarded: 2
  • Paid out: $9,407

Job Details

Category: IT/Web/Programming > Web Programming

ID: 43132

Title: Document delivery portal

Location: Anywhere

Job Description

Document portal - To allow our customers to download reports that we have created. The customer must also have the ability to upload documents too.

User registration
- only when initiated by admin users
- email gets sent to requested user (OT link that expires after 12 hours)
- user will then follow a link to the system to register and create their own password (enforce password complexity, min 8 with 3 character groups)
- Allow multiple users to be assigned to a client

User authentication
- must be built with security in mind
- secure code review will be undertaken
- account lockouts (use re-CAPTCHA after 2 incorrect attempts, then lockout after 10 attempts for 30 mins)
- using a secure cookie mechanism (use platform session token with httponly & secure flags)
- Lock session to IP and not allow simultaneous login sessions
- Generate email to client on password change or lockout
- Session timeout after 30 mins

Forgotten password function
- allows registered users to reset password by following a link sent to their registered email address (with re-CAPTCHA and/or security question?)
- must not allow username enumeration

Administration function
- Ability to upload and download documents from all registered users' areas
- Create, delete and edit users' details (including account unlocking)
- Initial administrator must be able to add further admin users
- Full logging - user auth, download, upload etc
- Account search feature – client, forename, surname and username

Upload and download documents
- Users must not be able to see other users' documents
- All documents will be saved locally on the hosting webserver
- Users have the ability to delete documents within their account (although not to delete them physically from the disk)
- Alert specific users when a report is downloaded
- Limit file extension, content (could create a blacklist/whitelist) and size


Use stored procedures for all SQL queries. Every parameter is sanitised on the server side. Session token and username checked for every transaction.

All code is fully commented so we can understand it.
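
An illustration of the registration password rule and the login lockout thresholds listed above, added here as an example and not part of the job posting or any bid. The four character groups, the counter reset once a lockout expires, and the names `password_ok` and `LoginThrottle` are assumptions.

```python
from dataclasses import dataclass

# Thresholds taken from the job description above.
MIN_LENGTH, MIN_GROUPS = 8, 3      # "min 8 with 3 character groups"
CAPTCHA_AFTER = 2                  # CAPTCHA after 2 incorrect attempts
LOCKOUT_AFTER = 10                 # lock the account after 10
LOCKOUT_SECONDS = 30 * 60          # for 30 minutes


def password_ok(pw: str) -> bool:
    """Assumed groups: lowercase, uppercase, digit, anything else."""
    groups = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return len(pw) >= MIN_LENGTH and sum(groups) >= MIN_GROUPS


@dataclass
class LoginThrottle:
    """Per-account failure state, kept server-side (hypothetical helper)."""
    failures: int = 0
    locked_until: float = 0.0

    def status(self, now: float) -> str:
        if now < self.locked_until:
            return "locked"
        if self.failures >= LOCKOUT_AFTER:
            self.failures = 0      # assumption: counter resets once the lock expires
        return "captcha" if self.failures >= CAPTCHA_AFTER else "open"

    def record(self, success: bool, now: float) -> str:
        """Record one login attempt and return the state for the next one."""
        if self.status(now) == "locked":
            return "locked"        # reject without checking the password
        if success:
            self.failures = 0
            return "open"
        self.failures += 1
        if self.failures >= LOCKOUT_AFTER:
            self.locked_until = now + LOCKOUT_SECONDS
            # the spec's lockout email would be triggered here
        return self.status(now)
```

Keying the state on the submitted username whether or not the account exists keeps the lockout response from revealing which usernames are registered.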

Job Budget

Type: Fixed Price

Budget: Not Specified

Additional Information

Attached Files: None

Bidding ends: Bidding Closed

Job Posted: 02/11/2010 10:15

Bidding activity on this Job

Bids: 11


Clarification Board

S. T. on 02/11/2010 11:20
Seems a lot of security and not much user experience focus. Would not a product like Basecamp fit your purpose?

Reply from Client

I. L. on 02/11/2010 11:36
Due to the sensitive nature of our work - the site needs to be secure.

We also need to host this ourselves as we cannot have the risk of our document deliverable being held by third parties.

The document portal is only a minor stage in our service to the customer.

S. T. on 02/11/2010 14:01
That's fine Iain. It's outside my usual work so I've forwarded your link to a colleague I know who can help. Nice to see a decent job outline on PPH for a change!

Reply from Client

I. L. on 02/11/2010 14:15
Thanks Simon!

Bidding closed


Bidding has ended for this project, the client has accepted the bid(s) below:

Accepted Bid #1

Amount: $3,136 Fixed Fee

Country of Freelancer: United Kingdom

Estimated Start Date: Within 1 Business Day




